1.3 Legal Notice The information in this document is subject to change without notice and is not a commitment by Welotec GmbH. It is possible that this user manual contains technical or typographical errors. Corrections are made regularly with‑...
For more information on disposal, recycling, and collection points for waste electrical and electronic equipment, contact your local municipal authority, waste disposal companies, the distributor, or the manufacturer of the equipment. Welotec GmbH www.welotec.com Zum Hagenbach 7 info@welotec.com...
If you need a SIM card, contact your local network operator.
2.1. Package checklist
Each TK800 is supplied in a box with standard accessories. Optional accessories can also be ordered. Check the contents of the box. If something is missing, contact Welotec.
The TK800 supports dual SIM. To insert the cards, press the yellow “Eject” button on the top of the device, for example with a small screwdriver. The respective SIM card slot is pushed out. If the TK800 is not operated in dual SIM mode, use the SIM card slot “SIM1”.
Tighten the screws and then reinsert the connector block into the router. To ground the device, use the grounding screw on the device. To prevent interference due to electromagnetic influence, the housing of the router must be grounded via the grounding screw.
DNS server by the router. The following figure shows the configuration process via DHCP on a PC with the Windows 10 operating system. The settings can be accessed via the Network and Sharing Center in Windows.
Then enter “http://192.168.2.1” in the address line of your browser. After confirming with the “Enter” key, a pop-up appears as the login page of the router. Enter the user name (default: “adm”) and the password (default: “123456”).
There are two SIM card LEDs. When the router boots up, the SIM card LED for SIM card 1 is lit. In all other cases, the SIM card reception indicator is lit: Dial-in: Dial-in successful: STATUS WARN STATUS WARN
2.11.1. Hardware Method
Symbol explanation = LED lights up = LED does not light up = LED flashes
1) Press and hold the RESET button while turning on the TK800:
3) After a few seconds, the ERROR LED no longer lights up. Now press the RESET key again until the error light flashes and then release the key:
4) Now the ERROR and STATUS LED lights will flash, indicating that the factory reset was successful.
1) Go to the Config Management submenu via the Administration menu: 2) Click Restore Default Configuration to reset the TK800 to its default settings. After a few seconds you will receive the following message. The router has now been successfully reset.
1) Go via the menu item Network to the submenu item Cellular.
2) Select the Cellular tab.
3) Now enter a suitable ICMP Detection Server in the corresponding field and change the ICMP Detection Interval.
Note: The ICMP detection server entered here should have very high availability. A server from Google is no longer suitable for this, since the ICMP requests are blocked there.
2.13. Port Mapping / Port Forwarding
2.13.1. Access to Connected Devices via the Internet
To access devices connected to the Welotec router via the Internet, port mapping or port forwarding can be used. This is configured in the TK800 router via NAT rules.
2.13.2. Port Mapping Guide
1) Go to the submenu item NAT via the menu item Firewall.
2) Now add a new NAT rule with Add.
3) Enter the data as in the example.
• Does it respond to “ping 192.168.2.12”?
• Is the web interface of the camera accessible via http://192.168.2.12?
• Is the Welotec router entered as the default gateway for the camera (192.168.2.1)?
2.14. SMS Functions
The TK800 can be reached by SMS from the outside and reacts to various commands sent by SMS. It is possible to query the status of the device, to start / stop the dial-up or to restart the device.
2) Now select the Cellular tab.
3) Under Connection Mode, select the Connect on Demand mode and activate the Triggered by SMS field. Now you can send the following commands to the router via SMS:
Another important SMS function is switching the digital relay on or off. The following SMS commands can be used for this:
• io output 1 on - switches on the relay
• io output 1 off - switches off the relay
After the successful login, the web interface of the router appears. The web interface of the TK800 is divided into 4 areas. On the left side is the Main navigation with the items Administration, Network, etc. In the upper area is the Detail navigation, in this example with Status (active) and Basic Setup.
With Restricted user rights (not administrator) some items are missing in the menu. Restricted users cannot configure the router; the Apply & Save option is missing.
Here you will find all important information about the status of the individual interfaces. By clicking on [Settings] next to the individual interfaces (e.g. Cellular 1) you will be taken directly to the configuration of the interfaces.
Under Administration > System Time you will find all the settings for the system time of the TK800 Router. The time can be set manually or automatically updated by a time server via the Simple Network Time Protocol (SNTP).
DNS server is configured correctly for name resolution. Either a source interface or a source IP can be configured. After the successful update of the time, the following appears in the log under Administration > Log.
The settings for the time server are located under Administration > System Time > NTP Server. In this case, the TK800 can work as a time server for the connected devices. Via Master the stratum can be specified. This indicates how precise the server is. Values between 2 and 15 can be specified.
Via Other Parameters you can set the Web login timeout. This specifies how long a web interface session remains if no input is made. If the timeout time has expired without any input, then the logged in user will be logged out automatically.
If you want to make adjustments to users, then you can edit them under Administration > User Management > Modify a User. Permissions and passwords can be changed. Under User Summary a user can be selected and then edited under Modify a user.
Please always remember to change the default password (123456) of the adm user to a secure password.
3.1.4.3. Remove Users
Under Administration > User Management > Remove Users you can delete users from the TK800. Select the user to be deleted under User Summary and delete it via the Delete button.
LDAP stands for Lightweight Directory Access Protocol and is suitable for querying and modifying information from directory services. LDAP is based on the client-server model. Enter the data for your LDAP server here.
Back up the running-config including the private key
To additionally back up the running-config together with the imported private keys from Certificate Management, tick the Backup running-config with private key checkbox.
SNMP versions v1, v2c and v3 are supported. SNMPv1 and SNMPv2 use the community name for authentication with read-only and read-write rights. The IP address under which the SNMP service is available can be selected under Listen IP address.
3.1.8.2. SnmpTrap
An SnmpTrap server can be entered. Here the router can actively send SNMP messages to the SNMP management server and does not wait until it receives an SNMP request from the management server.
Read out the data entered above via SNMPWALK on e.g. a LINUX computer:
snmpwalk -v3 -u WeloSNMPUser -l AuthPriv -a SHA -A 123456789 -x AES -X 123456789 10.255.229.10
snmpwalk -v3 -u WeloSNMPUser -l AuthPriv -a SHA -A 123456789 -x AES -X 123456789 udp6:[2a02:d20:8:c01::1]
2) Download MIBS from TK800
WELOTEC-SYSTEM-MAN-MIB
WELOTEC-WAN3G-MIB
3) Start SNMPWALK (either via a LINUX computer or a common MIB browser)
snmpwalk -m +WELOTEC-MIB -v3 -u WeloSNMPUser -l AuthPriv -a SHA -A 123456789 -x AES -X 123456789 192.168.2.1 WELOTEC
WELOTEC-MIB::ihOverview.1.0 = STRING: "TK800"
WELOTEC-MIB::ihOverview.2.0 = STRING: "RF9151408241109"...
In the Alarm Input menu you define which alarm messages the router should output. By setting the checkmarks next to each entry, an alarm is activated or deactivated. The following alarm messages are available.
The Alarm Output menu is used to configure the e-mail server that will forward the alerts by mail. If an alarm is triggered, a message is generated by the router and sent to the stored e-mail addresses via the specified e-mail server.
3.1.10.1. Log
The current messages of the router are displayed in the Log menu. The log contains information about network, operational status, configuration changes, ISP connection information, IPSec, OpenVPN status and much more.
Delete log history Download History Log Log history download
3.1.10.2. System Log
In System Log you can specify a syslog server to which the logs should be sent over the network.
*.bin or *.pkg file). By clicking on Upgrade the firmware will be installed on the router. Please note that the bootloader and the IO board may have to be updated separately if the firmware version is significantly older. If you have any questions, please contact our support.
Save the configuration of the router before you restart the router. Otherwise, the configuration may be lost when you restart.
3.1.14. Third Party Software Notices
Here are the software terms and licenses from all third-party vendors related to the TK800 router series.
The RSRP value is one of the most important values when it comes to assessing one’s own reception value or reception quality. It is measured directly by the terminal device. The RSRP is also used to determine the currently...
Most providers assign private IP addresses or IP addresses that are not routed via the Internet. A successful or unsuccessful ping does not indicate whether the IP address of the router can really be reached.
3.2.1.2. Cellular Configuration
Under Network > Cellular > Cellular you can change access settings for the cellular network.
For applications where high availability is important, Strict Strict should be enabled.
Show Advanced Op-... When enabled, more configuration options become visible. Disabled
Here you have to set the checkmark at Triggered by SMS. The router will only connect to the Internet if it has received the command to do so via SMS beforehand.
Show Advanced Options
Timeout
Debug: If enabled, more detailed logging is done. disabled
If a provider is unavailable, the system switches to the alternative provider. The same applies when the mobile data...
The status page shows the current status of the network ports (depending on the model).
3.2.2.2. Fast Ethernet 0/1
Here you can adjust the settings of the network interface with the label FE 0/1.
Description: Description of the port - Freely selectable name -
In the lower menu additional IP addresses can be assigned for the FastEthernet 0/1 port.
Removing a bridge member from the bridge results in the IP address of the interface being empty. It is therefore recommended to only make changes via the interface FE0/1, as this is not a bridge member.
TK8x5-EXW model, the VLAN with ID 1 cannot be edited as long as the bridge is active.
Delete: With Delete a previously selected VLAN can be deleted. The VLAN with ID 1 cannot be deleted!!!
Adding a new VLAN:
Under VLAN Member Ports, one or more FastEthernet port/s are assigned to the VLAN by checking the checkbox. The TK800 series routers do not have a built‑in ADSL modem. For the use of ADSL Dialup, an external ADSL modem must be connected to the WAN port.
IP technologies is required.
3.2.4.2. ADSL Dialup (PPPoE)
Here you can configure the dial-in via the DSL modem for PPPoE. The TK800 does not have its own DSL modem, so it cannot dial in independently. In this case, an appropriate DSL modem that can handle the new IP technologies is required. The modem should meet the following criteria: •...
Under Network > WLAN you can first view the status of the WLAN. For example, the current SSID of the router, the IP address or the role of the WLAN module (access point or client) can be read here.
3.2.5.2. WLAN Configuration
Under Network > WLAN > WLAN you can configure the WLAN.
The radio channel can be selected here
SSID: The SSID that identifies your WLAN and will be displayed when searching for WLAN networks. TK800
Auth: The encryption standard to be used. OPEN, if the WLAN is not to be protected (not rec-...
3.3.1.1. DHCP Status
Under Services > DHCP > Status you can see who is currently connected to the router via which interface.
Under Services > DHCP > DHCP Client the router itself can receive a DHCP address from a DHCP server. To do this, select the interface that is to be configured via DHCP. The interfaces can vary depending on the router model.
The DNS works similarly to a telephone directory assistance. The user knows the domain (name of a server on the Internet), e.g. welotec.com, and sends this as a request to the Internet. The domain is then converted by the DNS into the corresponding IP address (if you like, the “connection number”...
Under Services > DDNS > DDNS you can add a new DDNS service. It is important that a new DDNS service is created under DDNS Method List first. Afterwards you have to assign it to an interface; this is done under Specify A Method To Interface.
3.3.4. SMS Introduction
The TK800 can be reached from outside via SMS and reacts to various commands sent via SMS. Thus, it is possible to query the status of the device, start / stop dial-up or restart the device.
If an SMS with the content show is now sent to the mobile phone number of the router, the router sends its current status as a reply. If an SMS with the content reboot is sent to the router, it restarts. You can also follow this process in the router’s log.
3. Select the Connect On Demand mode here under Connection Mode and activate the Triggered by SMS field. Now you can send the following commands to the router via SMS:
disconnects the Internet connection (see fig.)
cellular 1 ppp up - restores the Internet connection (see fig.)
3.3.5. GPS (TK8x5L-EGW or TK8x5L-EDW)
3.3.5.1. Position
Under Services > GPS > Position you will see the data about the current position if the corresponding antenna is connected to the router.
This function is only available if the Debug GPS Model (from the previous chapter) is disabled. Here you can now make the appropriate settings. With Apply & Save you save the settings and activate them.
(limitation to 82 characters), there can be up to three such records
Message Prefix: Input of a message prefix possible. Free input
Message Suffix: Input of a message suffix possible. Free input
Open the menu under Services > GPS > GPS Serial Forwarding and click on the Enable checkbox to switch on the function. Here you can now make the appropriate settings. With Apply & Save you save the settings and activate them.
(limitation to 82 characters), there can be up to three such records
3.3.6. QoS
At this point the definition of Quality of Service is possible. Select Services > QoS.
3.3.7. Data Usage
In this area you can see the consumption of your data if you have configured this under Data Usage. Select Services > Data Usage.
Over are:
Only Reporting: Here, only the consumption value is displayed
Stop Forward: Here, the further consumption of data is stopped
Shutdown Interface: Here, the interface is switched off.
Monthly Limit
3.4. Link Backup
With the TK800, it is possible to use two different Internet connections (wired and cellular) to increase accessibility. The router periodically checks the primary Internet connection and automatically switches to the secondary Internet connection in case of failure. As soon as the primary Internet connection is available again, the router auto-...
Under IP Address (Destination Address) a pingable IP address with high availability should be entered (Note: In this example 4.2.2.1 was entered, since this address has a very high availability)
• all other data can be copied from the example
• this is configured as shown in the following example
Description of the Configuration Elements:
Main line works (Internet connection via WAN)
If the main line is working and an Internet connection is established through it, the following can be seen:
1. SLA-Status
2. Track-Status
3. Status of the cellular connection
Main line does not work (Internet connection via cellular radio)
If the main line is not working and an Internet connection is established via the cellular interface, the following can be seen:
1. SLA-Status
2. Track-Status
3. Status of the cellular connection
4. Routing table
Consecutive: Number of retries, in case of a failed ping.
Life: forever, the ping should always be executed.
Start-time: now, the check should start immediately.
...lay(s): Delay when switching to the backup interface if the Internet connection on the main interface is lost.
Positive Delay(s): Delay when switching to the main interface when the Internet connection is available again.
VRRP Status: Displays the current status, master or backup
Priority: Displays the priority of the router
Track Status: Displays whether the connection check is successful
First, set up a new SLA under Link Backup > SLA and then a track under Link Backup > Track. Then configure Router A via Link Backup > VRRP > VRRP as shown in Figure 1.
Figure 2 (Interface may differ depending on router model)
If you now go to the status page of VRRP (Link Backup > VRRP > Status) you should see the following on the routers: Router A Router B
The track index, from the previously created track entry.
3.4.4.2. Interface Backup Status
On the status page you can see which interfaces have been defined as main and backup. You can also see which interface is currently active (Active Interface main).
Routing > Static Routing.
3.5.1.1. Route Table
The routing table can be found in the navigation under: Routing > Static Routing > Routing Table and Routing > Dynamic Routing > Routing Table
Static routes are set up in the navigation under Routing > Static Routing > Static Routing. Normally no static route has to be entered. The router enters the routes itself when changes are made in the configuration.
3.5.2.1. Route Table
The routing table can be found in the navigation under: Routing > Dynamic Routing > Routing Table
Parameter description see 3.5.1.1
15 hops is the maximum distance that a path to the destination network may be during RIP. In the menu Routing > Dynamic Routing > RIP you can adjust the following settings:
The OSPF protocol is particularly fast with respect to changes in the network topology and is characterized by economical use of bandwidth when creating new routing tables. In the menu Routing > Dynamic Routing > OSPF you can adjust the following settings:
In the menu Routing > Dynamic Routing > BGP you can adjust the following settings for BGP:
3.5.2.5. Filtering Route
In the menu Routing > Dynamic Routing > Filtering Route you can adjust the following settings:
The Upstream Interface is used to select the interface over which the multicast is to be distributed. With the Downstream Interface List the interfaces for the downstream and upstream interface are selected from the drop-down menu. The interfaces may vary depending on the model.
ACL rules can be created on source and destination IP addresses, TCP and UDP port numbers, etc. to control access. Here is an overview of the existing ACL rules. To create a new ACL you should click Add.
Destination Wildcard: Target wildcard is the wildcard address of the target subnet, e.g. with subnet mask 255.255.0.0 the wildcard address is 0.0.255.255
Description: Text Description field for the ACL
It allows devices with private network addresses to connect to the Internet. Private IP addresses cannot usually be routed by the provider, so they must be translated into a public, routable IP address. The TK800 has implemented this function, which enables communication between different networks. In addition, a relevant security aspect is found in NAT, since a public IP address cannot be traced back to the associated private IP address.
• by clicking Add a new NAT rule can be configured in the following menu (Fig. 2)
Translate an IP address to another IP address according to ACL rule
Examples
Case 1: SNAT (TC router as Internet gateway)
The TK800 works as an Internet gateway for connected devices with private IP addresses. It translates private IP addresses from the LAN into a public, routable Internet address.
3. Now configure the SNAT rule.
4. Now define the inside and outside interface.
5. Test the access via the tool ping. This can be done directly from the router. To do this, go to the Ping subitem in the Tools menu and enter the values according to the example. (Note: Use the Expert option -I 192.168.2.1 (capital i) so that access is from the inside (LAN) interface of the TK800 router).
Case 2: DNAT (Portmapping / Port Forwarding)
Access to connected devices via the Internet
Usually, users want to access devices connected to the Welotec Router via the Internet.
Is the web interface of the camera accessible via http://192.168.2.2?
• Is the Welotec router entered as the default gateway for the camera (192.168.2.1)?
If these conditions are met, the port mapping can be set up according to the following instructions.
Configuration
1. Go to the menu item Firewall and select the sub-item NAT.
2. Now add a new NAT rule with Add.
3. Enter the data as shown in the example.
MAC-IP Binding can be found in the navigation tree under Firewall > MAC-IP Binding. MAC-IP Binding can be used to ensure that a device (PC, server, etc.) can only access the router if the MAC and IP addresses entered here match.
IPsec tunnel, an IKE policy and an IPsec policy must first be created. Afterwards, this setting must first be confirmed with Apply & Save. Then the actual IPsec tunnel can be created via Add.
Encryption method
Hash: Hash algorithm
Diffie-Hellman Group: DH Group for key exchange
Lifetime: Period of validity of the IKE before it is renegotiated
IKEv2 Policy:
Via VPN > IPsec > IPsec Setting you can create a new IPsec tunnel (IKEv1 and IKEv2) under IPsec Tunnels with Add. The prerequisite is that an IKEv1 or IKEv2 policy and an IPsec policy have been created beforehand.
IPsec SA Lifetime: Validity period of SA before it is recreated
IPsec SA Idletime: SAs associated with inactive peers can be deleted before the global lifetime expires.
Tunnel Advance:
ICMP Detection Max Retries: Maximum attempts after a failed ICMP ping
3.7.1.3. IPsec Extern Setting
IPsec profiles are used with GRE over IPsec. The profile is created via the ADD button.
IKE Keepalive: Switches IKE Keepalive on or off
DPD Timeout: Timeout for a DPD packet
DPD Interval: Interval of DPD packets
IPsec Advance (Phase2)
GRE is used when dynamic routing is to be implemented via the IPSec tunnel. Overview page. A new GRE entry is added with Add. Under IPsec Profile the profile created under VPN > IPsec > IPsec External Setting is now in the selection list.
Under VPN > L2TP > L2TP Client the corresponding client for the tunnel is created. The respective entries must be added with the Add button and are only completely saved when the Apply & Save button is clicked.
OpenSSL library is used for encryption. OpenVPN uses either UDP or TCP for transport.
3.7.4.1. OpenVPN Status
Status overview of the OpenVPN that has been configured. Client Status: Server Status:
A new OpenVPN tunnel can be added under VPN > OpenVPN > OpenVPN Client. The router has to be configured as a client. A new configuration can be created via the “Add” button.
Depending on the selected authentication, different inputs are possible. This example deals with username / password.
Expert Configuration: OpenVPN tunnel options that are not available via the web interface can be entered here directly
The client always needs the CA certificate of the server, otherwise it cannot be authenticated.
Please make sure that the OVPN file does not contain any spaces. Spaces are interpreted differently by the router.
3.7.4.3. OpenVPN Server
Via VPN > OpenVPN > OpenVPN Server you configure the router as an OpenVPN server. The prerequisite for this is that the router has a public IP address.
The virtual network for the OpenVPN Tunnel
Virtual Netmask: The netmask for the virtual network of the OpenVPN tunnel
Description: Brief description of the server
Advanced Options:
VPN > Certificate Management. If these certificates are not available, the server will not start!
3.7.5. Certificate Management
The certificates for an IPsec tunnel or an OpenVPN tunnel are stored in Certificate Management, provided that the tunnel is not secured via a Pre-Shared Key (PSK).
Certificate Authority (CA) is the certificate of the certification authority.
Import CRL: Certificate Revocation List is the certificate revocation list.
Import PKCS12 Certificate: PKCS12 Certificate
3.8.2. APP Management
To use the client IDE, the Enable IDE Debug function must be enabled on the TK800. We also recommend enabling the APP Manager at this point. The APP Manager lets you install APPs under Python and manage the existing APPs in the Router‑WebUI.
Upload application
Once you have created your application, you can import it to other TK800 routers. To do this, select “APP ‑> APP ‑> APP‑Management” and click “Browse” at Import APP Package. Select your .tar file and click Upload.
If you use your own APPs for access to Modbus, you can display the status here. At the moment we do not support this function.
3.9. Industrial
The Industrial functions are available on all models of the TK800 series with EX in the name. Example: TK8X2L‑EX0. The following functions are available: •...
Under the item DTU 1 (RS‑232) and the item DTU 2 (RS‑485) the protocols and the parameters for the protocols can be set.
3.9.1.1. Serial Port
At this point the serial ports 1 (RS232) and 2 (RS485) can be configured.
3.9.1.2. DTU 1 / DTU 2
TCP server selection at DTU Protocol
RFC2217 selection at DTU Protocol
IEC60870‑5‑101/104 selection at DTU Protocol
Modbus‑Net‑Bridge selection at DTU Protocol
DC Protocol selection at DTU Protocol
Displays the status of the digital input.
Relay Output:
Parameter: Description
Relay Output 1: Relay output status
Action: Switch on, switch off or define a cycle
3.10. Tools
Useful tools that can be used for pinging, tracing, etc.
3.10.1. Ping
At this point in the router software, a ping can be sent to check connections, for example.
Optionally either ICMP or UDP. Default is UDP.
Expert Options: Expert Options
3.10.3. Tcpdump
Well‑known and widely used packet sniffer. Allows TCP packets to be sniffed. Via Tools > Tcpdump you can access this sniffer.
Via the Browse button you can upload a file from the computer. The file should be between 10 and 2000 MB in size. After selecting the file, click the Upload button. The result will be displayed. The Download button downloads a 130 MB file (test.bin) and shows the download speed during the download.
If the DHCP server is switched on, the DHCP end address can be entered here.
Lease: If the DHCP server is switched on, the lease duration of an assigned address can be entered here.
If PPPoE is selected under Type: Password of the provider for ADSL access. Important: A DSL modem is required for this.
3.11.3. New Cellular
Under Wizards > New Cellular you create a new cellular interface as WAN interface and can configure it.
Enable or disable NAT
3.11.4. New IPsec Tunnel
Under Wizards > New IPsec Tunnel you can create a simple IPsec tunnel. It can be reconfigured later under VPN > IPsec.
Subnet mask of the router
Remote Subnet: The subnet of the remote station
Remote Netmask: The subnet mask of the remote station
Phase 1 Parameters:
Period of validity of the IPsec policy
3.11.5. IPsec Expert Config
Under Wizards > IPsec Expert Config you can check the IPsec tunnel status by clicking Refresh. Furthermore, IPsec configurations can be imported via the interface.
3.11.6. New L2TPv2 Tunnel
3.11.7. New Port Mapping
Under Wizards > New Port Mapping a new port mapping can easily be set up.
Then start e.g. PuTTY, enter the IP address of your router, and select SSH or TELNET as the port or connection type. Then click Open to establish the connection to the router. If the connection is established successfully, you will get the CLI window with the login for the router.
From here on you can use the following commands for help, analysis, configuration, etc. Another way to connect to the router via the CLI is via a serial console cable. This is plugged into the console port of the router and connected to the PC.
The show command can be used to display parameters of the router or the configuration of the router. The help command or “?” lists the commands that can be used in combination with show.
With traceroute you test the active routing of the specified destination. With traceroute hostname or IP address you start the query.
3.12.5. Reboot Command
To restart the router, you can use the reboot command. Enter it in the CLI and the router will be restarted.
With the clock set command you can configure the system date and time of the router via the CLI. The date and time format is as follows:
YYYY.MM.DD-HH:MM:SS
The complete command would then look like this:
clock set 2019.01.24-12:00:00
The Username command allows you to create users to access the router. The syntax for the input is:
Username [Username]
When creating the user, you will be asked for a new password that you can assign here. The user that is created is always a standard user.
Storage temperature range: ‑40 to +85 °C
Air humidity: 5 ‑ 95 %, non condensing
Shock: IEC 60068‑2‑27
Free fall: IEC 60068‑2‑32
Vibration: IEC 60068‑2‑6
A. Operation is subject to the following two conditions: (1) this device must not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Contains transmitter module IC: 10224A‑201807EP06A.
6 TK800‑Series ‑ FAQ: IPsec
6.1 Preface
IPsec is an extension of the Internet Protocol (IP) with encryption and authentication mechanisms. This gives the Internet Protocol the ability to transport IP packets over public and insecure networks in a cryptographically se‑...
Here the options “IPsec Setting” and “IPsec Extern Setting” are available. To create a new IPsec tunnel, proceed as follows:
1. Click on “IPsec Setting”
2. Click on “Enable”
That is why ESP is usually used instead of AH. ESP ensures the confidentiality of the communication: the packets are encrypted. In addition, integrity protection guards against manipulation. Choose the appropriate protocol for “Encapsulation”.
3. Under “IKE Version”, select the version you created under IKEv1 or IKEv2. Depending on the defaults, the values in the list box will be applied.
4. The name of the IPsec policy created previously appears in the “IPsec Policy” field.
Perfect Forward Secrecy ensures that the session keys used cannot be reconstructed from the long‑term secret keys after the session is closed. This means that a recorded encrypted communication cannot be subsequently decrypted even if the long‑term key is known. Here you
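The property described above, as an added example that is not part of the Welotec manual or the router firmware: a simplified model of session-key derivation with and without PFS, checked against a recording of the exchange plus a leaked long-term key. The toy DH group, the `kdf` helper and all function names are assumptions for illustration and do not reproduce the IKE key derivation.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for this example only: the modulus is
# far too small for real use. IKE negotiates standardized DH groups instead.
P = 2**255 - 19
G = 2

def kdf(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 over the inputs (stand-in for a real PRF)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def establish(long_term_key: bytes, pfs: bool):
    """Run one key exchange; return (session_key, recording of the wire)."""
    wire = {"nonce_i": secrets.token_bytes(16), "nonce_r": secrets.token_bytes(16)}
    secret_input = b""
    if pfs:
        # Fresh exponents per session; only the public values cross the wire.
        a = secrets.randbelow(P - 3) + 2
        b = secrets.randbelow(P - 3) + 2
        wire["pub_i"], wire["pub_r"] = pow(G, a, P), pow(G, b, P)
        shared = pow(wire["pub_r"], a, P)
        assert shared == pow(wire["pub_i"], b, P)  # both peers agree
        secret_input = shared.to_bytes(32, "big")
        # a, b and shared go out of scope on return, modelling their
        # erasure when the session is closed.
    key = kdf(long_term_key, wire["nonce_i"], wire["nonce_r"], secret_input)
    return key, wire

def replay_with_leaked_key(long_term_key: bytes, wire: dict) -> bytes:
    """Re-derive a key from the recording plus the leaked long-term key.
    The ephemeral DH secret never crossed the wire, so it cannot be supplied."""
    return kdf(long_term_key, wire["nonce_i"], wire["nonce_r"], b"")

def demo():
    """Return (recovered_without_pfs, recovered_with_pfs)."""
    ltk = secrets.token_bytes(32)  # constructed long-term secret
    k_plain, w_plain = establish(ltk, pfs=False)
    k_pfs, w_pfs = establish(ltk, pfs=True)
    return (replay_with_leaked_key(ltk, w_plain) == k_plain,
            replay_with_leaked_key(ltk, w_pfs) == k_pfs)

if __name__ == "__main__":
    print(demo())
```

Without PFS the recorded session key is recovered once the long-term key leaks; with PFS the same recording and key are not enough.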
9. “ICMP Detection Max Retries”: enter the maximum number of attempts after a failed ICMP ping here.
6.1.4 IPsec Status
If the IPsec tunnel(s) have been successfully established, you will see the following in the status overview.